<?php
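// Request dispatcher for the two delete actions exposed by this file.
//
// NOTE(review): nothing visible here checks a login session or that the
// requester owns the message, so any request carrying a mid reaches the
// DELETE. The action is also a state change triggered by GET, which leaves
// it open to cross-site request forgery. Confirm whether an including page
// enforces authentication; otherwise add a session/ownership check and move
// deletion to POST with an anti-CSRF token.
$action = isset($_GET["action"]) ? $_GET["action"] : null;
$mid = isset($_GET["mid"]) ? $_GET["mid"] : null;

// Only dispatch when mid is a non-empty string. A missing mid would raise an
// undefined-index notice, an array value (mid[]=...) would be interpolated as
// "Array", and an empty mid would reach the DELETE as '' -- which, depending
// on the column types, may match far more rows than intended.
$mid_is_usable = is_string($mid) && $mid !== '';

if ($mid_is_usable && $action === "delete") {
	Message_Controller::delete_message($mid);
} else if ($mid_is_usable && $action === "delete_title") {
	Message_Controller::delete_message_title($mid);
}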
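/**
 * Wall-message controller: renders a user's wall and creates or deletes
 * messages and their comments.
 *
 * Security notes for maintainers:
 *  - Every caller-supplied value placed in a SQL string is passed through
 *    mysql_real_escape_string() first. The ext/mysql API used here was removed
 *    in PHP 7.0; prepared statements (mysqli or PDO) are the durable fix, but
 *    they require changing the project's MySQL wrapper, which is outside this
 *    class.
 *  - Every database-derived value written into the page is HTML-escaped (or
 *    URL-encoded when it is a query-string value) to prevent stored XSS.
 *  - NOTE(review): delete_message() and delete_message_title() perform no
 *    authentication or ownership check of their own; callers must enforce it.
 */
class Message_Controller {
	/**
	 * Escape a value for use in HTML text or a quoted attribute.
	 *
	 * double_encode is off so that content which was already entity-encoded
	 * when stored is not encoded a second time. Assumes the page is UTF-8.
	 */
	private static function html($value) {
		// ENT_SUBSTITUTE only exists on PHP >= 5.4; fall back on older runtimes.
		$flags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;
		return htmlspecialchars((string) $value, $flags, 'UTF-8', false);
	}

	/**
	 * Run a query and stop the request on failure.
	 *
	 * The driver error goes to the server log instead of the response body,
	 * so table and column names are not disclosed to the client.
	 */
	private static function run_query($sql, $link) {
		$result = mysql_query($sql, $link);
		if ($result === false) {
			error_log('Message_Controller query failed: ' . mysql_error($link));
			die('Database error.');
		}
		return $result;
	}

	/**
	 * Tell whether $uid may post on the wall of $senttoid: either it is the
	 * user's own wall, or friendlist holds a confirmed (Ischeck = 1) row.
	 *
	 * Returns false when the friendship query itself fails.
	 */
	private static function may_post_on_wall($uid, $senttoid, $link) {
		if ($uid == $senttoid) {
			return true;
		}
		$uid_sql = mysql_real_escape_string($uid);
		$senttoid_sql = mysql_real_escape_string($senttoid);
		$sql_checkFrd = "SELECT Ischeck FROM friendlist WHERE owner_id = '$uid_sql' and friend_id = '$senttoid_sql' and Ischeck = 1";
		$result = mysql_query($sql_checkFrd, $link);
		if ($result === false) {
			error_log('Message_Controller friendship check failed: ' . mysql_error($link));
			return false;
		}
		return mysql_num_rows($result) > 0;
	}

	/**
	 * Echo the wall of user $id as HTML: each top-level message, its comments,
	 * and a comment form per message.
	 *
	 * @param mixed $id     uid of the wall owner (matched against rec_id)
	 * @param mixed $whoami uid of the viewer; only used to decide whether the
	 *                      delete links are shown
	 */
	function showMessage($id,$whoami) {
		require('../host_config.php');
		require_once('../Model/MySQL.php');
		$mysql = new MySQL();
		$link = $mysql->connect($mysql_host, $mysql_user, $mysql_password, $mysql_db);

		// Keep the raw $id for comparisons and output; use the escaped copy in SQL only.
		$id_sql = mysql_real_escape_string($id);

		// Top-level messages on this wall
		$sql_msg = "SELECT name, mid, rec_id, timestamp, msg_cont, pic, send_id FROM messages inner join user on send_id = uid WHERE rec_id = '$id_sql' and isCommit = 0 ORDER BY mid desc";
		$result_msg = self::run_query($sql_msg, $link);
		while($row_message=mysql_fetch_row($result_msg)){
			// Columns: 0 name, 1 mid, 2 rec_id, 3 timestamp, 4 msg_cont, 5 pic, 6 send_id
			$msg_mid_url = rawurlencode($row_message[1]);
			echo '<div class="media-box">';
				echo '<div class="media">';
					echo '<blockquote class="pull-right">';
					// Show the delete link to the wall owner or the sender.
					// NOTE(review): the second test compares the wall owner ($id), not the
					// viewer ($whoami), with send_id -- confirm this is the intended check.
					if ($id == $whoami || $id == $row_message[6]){
						//Delete Message
						echo '<a href="../Controller/message_controller.php?action=delete_title&mid='.$msg_mid_url.'" onClick="return confirm(\'Are you sure?\');"><i class="icon-remove" style="margin-top: 7px"></i></a><br />';
					}
					date_default_timezone_set("Asia/Taipei");
					echo '<small>'.date('Y/n/j g:i a', $row_message[3]).'</small>';
					echo '</blockquote>';
					echo '<a class="pull-left" href="../views/index.php?id='.rawurlencode($row_message[6]).'"><img class="media-object" src="../'.self::html($row_message[5]).'" width="64" height="64"></a>';
					echo '<div class="media-body">';
						// Name and body are user-controlled: escape before output (stored XSS).
						echo '<h4>'.self::html($row_message[0]).'</h4>';
						echo '<p>'.self::html(stripslashes($row_message[4])).'</p>';
						// Comments attached to this message. mid comes back from the
						// database but is still escaped before being reused in SQL.
						$msg_mid_sql = mysql_real_escape_string($row_message[1]);
						$sql_cmt = "SELECT name, mid, rec_id, timestamp, msg_cont, Msg_CmtId, pic, send_id FROM messages inner join user on send_id = uid WHERE rec_id = '$id_sql' and isCommit = 1 and Msg_CmtId = '$msg_mid_sql' ORDER BY mid desc";
						$result_cmt = self::run_query($sql_cmt, $link);
						// Comment list
						while($row_cmt=mysql_fetch_row($result_cmt)){
							// Columns: 0 name, 1 mid, 3 timestamp, 4 msg_cont, 6 pic, 7 send_id
							echo '<div class="media">';
							echo '<a class="pull-left" href="../views/index.php?id='.rawurlencode($row_cmt[7]).'"><img class="media-object" src="../'.self::html($row_cmt[6]).'" height="64" width="64"></a>';
							echo '<div class="media-body">';
							echo '<h4>'.self::html($row_cmt[0]).'</h4>';
							echo '<p>'.self::html(stripslashes($row_cmt[4])).'</p>';
							echo '</div>';
							echo '<div >';
							// Show the delete link to the wall owner or the sender (same caveat as above).
							if ($id == $whoami || $id == $row_cmt[7]){
								//Delete Comment
								echo '<a href="../Controller/message_controller.php?action=delete&mid='.rawurlencode($row_cmt[1]).'" onClick="return confirm(\'Are you sure?\');"><i class="icon-remove" style="margin-top: 7px"></i></a><br />';
							}
							// The time zone was already set for this request in the outer loop.
							echo '<small>'.date('Y/n/j g:i a', $row_cmt[3]).'</small>';
							echo '</div>';
							echo '</div>';
						}
					echo '</div>';
					echo '<form class="well" action="./wall/comment.php" method="post">';
						echo '<input type="hidden" name="mid" value="'.self::html($row_message[1]).'" />';
						echo '<input type="hidden" name="senttoid" value="'.self::html($id).'" />';
						echo '留言：<textarea type="text" class="span8" placeholder="請輸入文字..." name="postComment" ></textarea>';
						echo '<input type="submit" class="btn" value="送出"/>';
					echo '</form>';
				echo '</div>';
			echo '</div>';
		}
	}

	/**
	 * Fetch account, name, pic and birth of the user with uid $whoami.
	 *
	 * @return mixed whatever the MySQL wrapper's query_row() returns
	 */
	function showName($whoami){
		require('../host_config.php');
		require_once('../Model/MySQL.php');
		$mysql = new MySQL();
		$link = $mysql->connect($mysql_host, $mysql_user, $mysql_password, $mysql_db);
		$whoami_sql = mysql_real_escape_string($whoami);
		$sql = "select account, name, pic, birth from user where uid = '$whoami_sql'";
		return $mysql->query_row($sql, $link);
	}

	/**
	 * Store a top-level message from $uid on the wall of $senttoid.
	 * Nothing is written unless the two are confirmed friends or $uid is
	 * posting on their own wall.
	 */
	function sendMessage($uid, $senttoid, $postMessage){
		require('../../host_config.php');
		require_once('../../Model/MySQL.php');
		$mysql = new MySQL();
		$link = $mysql->connect($mysql_host, $mysql_user, $mysql_password, $mysql_db);
		// Allowed only for a friend or the wall owner
		if (!self::may_post_on_wall($uid, $senttoid, $link)) {
			return;
		}
		// All three values come from the caller, so all three are escaped.
		$uid_sql = mysql_real_escape_string($uid);
		$senttoid_sql = mysql_real_escape_string($senttoid);
		$message_sql = mysql_real_escape_string($postMessage);
		$time = time();
		$sql = "INSERT INTO `messages`(send_id, rec_id, timestamp, msg_cont, isCommit) VALUES ('$uid_sql', '$senttoid_sql', '$time', '$message_sql', '0')";
		$mysql->query($sql, $link);
	}

	/**
	 * Store a comment from $uid under message $mid on the wall of $senttoid.
	 * Nothing is written unless the two are confirmed friends or $uid is
	 * commenting on their own wall.
	 *
	 * NOTE(review): nothing here verifies that $mid belongs to the wall of
	 * $senttoid -- confirm the caller checks it.
	 */
	function sendComment($uid, $senttoid, $postMessage, $mid){
		require('../../host_config.php');
		require_once('../../Model/MySQL.php');
		$mysql = new MySQL();
		$link = $mysql->connect($mysql_host, $mysql_user, $mysql_password, $mysql_db);
		// Allowed only for a friend or the wall owner
		if (!self::may_post_on_wall($uid, $senttoid, $link)) {
			return;
		}
		$uid_sql = mysql_real_escape_string($uid);
		$senttoid_sql = mysql_real_escape_string($senttoid);
		$message_sql = mysql_real_escape_string($postMessage);
		$mid_sql = mysql_real_escape_string($mid);
		$time = time();
		$sql = "INSERT INTO `messages`(send_id, rec_id, timestamp, msg_cont, isCommit, Msg_CmtId) VALUES ('$uid_sql', '$senttoid_sql', '$time', '$message_sql', '1', '$mid_sql')";
		$mysql->query($sql, $link);
	}

	/**
	 * Delete the single messages row whose mid is $mid, then redirect to the
	 * index view.
	 *
	 * NOTE(review): no check that the current user may delete this row;
	 * the caller must authorize the request.
	 */
	function delete_message($mid) {
		require('../host_config.php');
		require_once('../Model/MySQL.php');
		$mysql = new MySQL();
		$link = $mysql->connect($mysql_host, $mysql_user, $mysql_password, $mysql_db);
		// $mid arrives straight from the query string: escape it before it reaches SQL.
		$mid_sql = mysql_real_escape_string($mid);
		$sql = "DELETE FROM messages WHERE mid = '$mid_sql'";
		$mysql->query($sql, $link);
		header("location:../views/index.php");
	}

	/**
	 * Delete message $mid together with every comment attached to it
	 * (rows whose Msg_CmtId is $mid), then redirect to the index view.
	 *
	 * NOTE(review): no check that the current user may delete these rows;
	 * the caller must authorize the request.
	 */
	function delete_message_title($mid) {
		require('../host_config.php');
		require_once('../Model/MySQL.php');
		$mysql = new MySQL();
		$link = $mysql->connect($mysql_host, $mysql_user, $mysql_password, $mysql_db);
		// $mid arrives straight from the query string: escape it before it reaches SQL.
		$mid_sql = mysql_real_escape_string($mid);
		$sql = "DELETE FROM messages WHERE mid = '$mid_sql' OR Msg_CmtId = '$mid_sql'";
		$mysql->query($sql, $link);
		header("location:../views/index.php");
	}
}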
?>
